Nadia Ndumu - AWS Engineer/Architect |
Location: Jersey City, New Jersey, USA |
Relocation: NO |
Visa: USC |
Name: Nadia Ndumu
Address: Jersey City, NJ 07302

Summary of Qualifications:
A self-motivated Cloud (AWS and Azure) Engineer offering about 8 years of experience in Cloud/Linux environments with proficiency in cloud orchestration, security, identity & access management, monitoring and event management, governance & compliance, application delivery, data protection, image and patch management, self-service and ops analytics in AWS and Azure platforms.

Technical Skills and Technology Stack:
Cloud Orchestration/Automation: AWS CloudFormation, AWS Lambda, AWS Systems Manager, AWS SSM Parameter Store, Ansible, Docker, Cron Job, Terraform
AWS Security: AWS Security Hub, AWS GuardDuty, AWS Shield, AWS Firewall Manager, AWS Inspector
Monitoring & Event Management: AWS CloudWatch (Events & Logs), AWS SNS, AWS S3
Identity & Access Management: AWS Organization, AWS IAM, AWS AD Connector, Active Directory, AWS Workspaces, AWS Secrets Manager
Governance & Compliance: AWS Config Rules, AWS Organization, AWS Control Tower, AWS Trusted Advisor, AWS Well Architected Tool, AWS Budgets, AWS License Manager
Programming Languages: Bash, JSON, YML, Python
Application Delivery: Jira, Confluence, Jenkins, Bitbucket, AWS Code Pipeline, AWS Code Commit
Data Protection: AWS Certificate Manager, AWS KMS, Snapshot Lifecycle Manager, AWS Cloud HSM
Self Service: Service Catalog
Network: VPC, VGW, TGW, CGW, IGW, NGW
Image & Patch: AWS SSM Patch Manager, AWS Golden AMI Pipeline
Ops Analytics: Splunk
AWS Platform: AWS CloudFormation, AWS Lambda, AWS Systems Manager, S3, VPC, EC2, ELB, RDS, SNS, SQS, SES, Route53, CloudFront, Service Catalog, AWS Auto Scaling, Trusted Advisor, CloudWatch, EKS

Education:
Bachelor of Science in Information Technology Management
University of Maryland Global Campus

Certifications:
Top Security Clearance
AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Professional
Certified Scrum Master

Professional Experience:

AWS Cloud Engineer
Dell, 01/2021 - Present
Led solutions architecture, IaC development/deployment, and configuration of cloud environments in alignment with FedRAMP and security controls
Designed, implemented, and deployed custom cloud networking, IAM, security tooling, AWS services and automation to meet client requirements
Planning, designing, and configuring AWS services (EC2, S3, IAM, Amazon Glacier, EBS, VPC, Elastic Load Balancing, Amazon CloudWatch, Auto Scaling, Route 53, and CloudFormation)
Managed provisioning of AWS infrastructures using CloudFormation
Implemented Jenkins, GitHub and Git for version control, code build, testing and release and CI/CD.
Monitored end-to-end infrastructure using CloudWatch and SNS for notification
Used AWS Systems Manager to automate operational tasks across AWS resources
Used Systems Manager to automate operational tasks across WK AWS infrastructure.
Set up AWS Single Sign On (SSO) for on-premises Active Directory (AD)
Built Kinesis dashboards and applications that react to incoming data using AWS provided SDKs; and exported data from Kinesis to other AWS services including EMR for analytics, S3 for storage, Redshift for big data and Lambda for event driven actions
Developed and documented security guardrails for AWS Cloud environments
Built custom images through Docker server, Docker Compose with multiple local containers and created production grade workflows and a continuous application workflow for multiple images
Implemented multiple container deployments to AWS and maintained sets of containers with deployments
Optimized cost through reserved instances, selection and changing of EC2 instance types based on resource need, S3 storage classes and S3 lifecycle policies, leveraging Autoscaling
Configured CloudWatch alarm rules for operational and performance metrics for our AWS resources and applications
Set up and configured log files for detailed monitoring and alert notification when changes are made.
Monitoring from end-to-end view of runtime systems CPU, bandwidth, disk space and log files using Splunk
Deployed and configured infrastructure using Terraform and Ansible
Implemented security best practices in AWS including multi factor authentication, access key rotation, role-based permissions, enforced strong password policy, configured security groups and NACLs, S3 bucket policies and ACLs

AWS Architect/Engineer
Deloitte, Arlington VA, 2/2019 - 01/2021
Developed and leveraged baseline and custom guardrails, policies, centralized policy enforcement, tagging policies and a well architected multi account environment.
Implemented Machine Image Pipeline and integrated Patch Management
Migrated legacy applications to AWS cloud environment
Leveraged Docker to build, test and deploy applications in different environments.
Developed LLDs for migrating various applications including network sizing, instance types, names, tags etc.
Developed required and optional tagging reference document for automation, compliance and consolidated billing
Developed baseline VPC and Network design including leveraging VPN connectivity and Direct Connect
Developed baseline AWS account security, implemented/integrated end-point protection, vulnerability scanning and intelligent threat detection
Built serverless architecture with Lambda integrated with SNS, CloudWatch Logs and other AWS services.
Leveraged automated DevOps tools deployment and Blue-green deployment patterns and strategies
Configured CI/CD Pipelines using Jenkins connected to GitHub and build environments (Dev, Stage & Prod)
Implemented IAM best practices and role-based access control
Implemented AWS Organization to centrally manage multiple AWS accounts including consolidated billing and policy-based restrictions
Implemented Control Tower Preventive and Detective guardrails and leveraged Account Factory, integrated with Lambda for new AWS account creation and setup.
Set up Ansible control and slave nodes and developed playbooks to automate configuration of servers across environments.
Leveraged EKS as a fully managed Kubernetes service to run sensitive and mission critical applications due to its security, reliability, and scalability.
Leverage either the JSON or YAML format to author AWS CloudFormation templates
Leverage shell to quickly run scripts with the AWS Command Line Interface (AWS CLI)

AWS Architect/Engineer
Apple, Austin TX, 01/2017 - 02/2019
Managed provisioning of AWS infrastructures using CloudFormation and/or Terraform.
Designed for high availability and business continuity using self-healing-based architectures, fail-over routing policies, multi-AZ deployment of EC2 instances, ELB health checks, Auto Scaling and other disaster recovery models.
Created patch management using Systems Manager automation for multi-region and multi account execution
Implemented preventive guardrails using Service Control Policies (SCPs)
Implemented detective guardrails using Cloud Custodian policies and AWS Config
Designed and implemented for elasticity and scalability using ElastiCache, CloudFront Edge locations, RDS (read replicas, instance sizes)
Implemented security best practices in AWS including multi factor authentication, access key rotation, encryption using KMS, firewalls - security groups and NACLs, S3 bucket policies and ACLs, mitigating DDoS attacks
Implemented Jenkins, GitHub and Git for version control, code build, testing and release and CI/CD.
Monitored end-to-end infrastructure using CloudWatch and SNS for notification
Used AWS Systems Manager to automate operational tasks across AWS resources
Project Management - AWS Infra design & application migration
Used Systems Manager to automate operational tasks across WK AWS infrastructure.
Set up AWS Single Sign On (SSO) for on-premises Active Directory (AD)
Built Kinesis dashboards and applications that react to incoming data using AWS provided SDKs; and exported data from Kinesis to other AWS services including EMR for analytics, S3 for storage, Redshift for big data and Lambda for event driven actions
Developed and documented security guardrails for AWS Cloud environments
Built custom images through Docker server, Docker Compose with multiple local containers and created production grade workflows and a continuous application workflow for multiple images
Implemented multiple container deployments to AWS and maintained sets of containers with deployments
Set up, configured and used ad hoc Ansible commands
Designed secured, cost optimized, highly available and fault tolerant infrastructure in AWS
Architected and configured Dev/Stage/QA environments in AWS (VPC, subnets, security groups, EC2 instances, load balancer, RDS, Redis, Route53)
Implemented security best practices in AWS including multi factor authentication, access key rotation, role-based permissions, enforced strong password policy, configured security groups and NACLs, S3 bucket policies and ACLs
Optimized cost through reserved instances, selection and changing of EC2 instance types based on resource need, S3 storage classes and S3 lifecycle policies, leveraging Autoscaling
Leveraged EC2 Create Snapshot API call to create snapshots of EBS Volumes on scheduled intervals
Configured CloudWatch alarm rules for operational and performance metrics for our AWS resources and applications
Set up and configured log files for detailed monitoring and alert notification when changes are made.
Monitoring from end-to-end view of runtime systems CPU, bandwidth, disk space and log files using New Relic
Deployed and configured infrastructure using Terraform and Ansible
Architected and implemented continuous integration and deployment pipelines using Jenkins and other CI
Implemented identity federation using FreeIPA to enable users to seamlessly connect to multiple services

AWS/Linux Administrative
Accenture Federal, Plano TX, 03/2014 - 01/2017
Performed applications installation, upgrades/patches, troubleshooting, maintenance, and monitoring Linux servers
Installation, configuration and administration of Enterprise Linux
Created, managed and administered user accounts security and SSH password-less login
Network configuration & troubleshooting of issues with respect to network and configuration files
Task automation, service management and application deployment using Ansible and Jenkins
Built and configured Linux servers from scratch with type one hypervisors for virtualization and network components
Performed security setup, networking, system backup and patching for both AWS and on-premises environments.
Architected high availability environment with auto scaling & Elastic Load Balancer
Securely deployed MySQL Primary DB and its read replica in private subnet with multi-AZ for disaster recovery and best practice
Migration of high availability webservers and databases to AWS EC2 and RDS with minimum or no downtime
VPC build with Private and Public Subnet coupled with VPN setup back to on-premises datacenter and corporate offices
VPC peering with other accounts allowing access and routing so that services and users of separate accounts can communicate.
SSL setup for Apache and Nginx applications coupled with AWS ELB SSL for all http to https, thereby maximizing security
Network, CPU, Disk and connectivity monitoring with CloudWatch, set up to trigger alarms and notify system administrators
Set up and configured AIDE for detailed log file monitoring and alert notification when changes are made.
Performed root-cause analysis of recurring issues, system backup, and security setup
Security groups configured and locked down to the various authorized subnets and IP addresses in AWS
Automated deployment, configuration and security settings using Ansible
Experienced in GitHub (cloning a Git repository, creating a branch, pushing to Git from local, and making a PR)
Architected and implemented continuous integration and deployment pipelines using Jenkins and other continuous integration